f325dea4205398399ffacecd3a6708aedcab0ff6288b3efa6c477b8dfb4fa22e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f325dea4205398399ffacecd3a6708aedcab0ff6288b3efa6c477b8dfb4fa22e
Size

191KB
Sample

221205-vkpsyace2w
MD5

5affdf5e22daf43369a8c57745e71958
SHA1

5b037e3e6299c9e8399bc547a438b824c61998aa
SHA256

f325dea4205398399ffacecd3a6708aedcab0ff6288b3efa6c477b8dfb4fa22e
SHA512

63b2b394062f07269362806a6340e3352be697a802f59467918d1cfdaf152737e9684c168d8e948d9134fdd95d88209b4c3520190ee5a2f5cc02e431833e26dd
SSDEEP

3072:lzNWMKKRZYc1ObK91C8sV6Xmoo4MEpYeptCGF81fc:lZuaObR8sVImPyYepAGr

Score

8^/10

Malware Config

Targets

- Target
  
  f325dea4205398399ffacecd3a6708aedcab0ff6288b3efa6c477b8dfb4fa22e
- Size
  
  191KB
- MD5
  
  5affdf5e22daf43369a8c57745e71958
- SHA1
  
  5b037e3e6299c9e8399bc547a438b824c61998aa
- SHA256
  
  f325dea4205398399ffacecd3a6708aedcab0ff6288b3efa6c477b8dfb4fa22e
- SHA512
  
  63b2b394062f07269362806a6340e3352be697a802f59467918d1cfdaf152737e9684c168d8e948d9134fdd95d88209b4c3520190ee5a2f5cc02e431833e26dd
- SSDEEP
  
  3072:lzNWMKKRZYc1ObK91C8sV6Xmoo4MEpYeptCGF81fc:lZuaObR8sVImPyYepAGr
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2